
Expected Behavior

  1. Works fine when accessing the Key Vault secret through the Dapr API using Postman.
  2. Should fetch the secret from Azure Key Vault using the C# Dapr client SDK.

Actual Behavior

  1. Azure Key Vault with service principal YAML:

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: azuresecretstore
      namespace: default
    spec:
      type: secretstores.azure.keyvault
      version: v1
      metadata:
      - name: vaultName
        value: "kv-xxxx-dev-xxx"
      - name: azureTenantId
        value: "5xxxxaf-bxx8-4xxe4-xxxc-a0fxxxxc36"
      - name: azureClientId
        value: "e01xxxxf-8xxx-xxxx-9axx-3f12xxxxce5"
      - name: azureClientSecret
        value: "aCK8Q~xxxxxxxxxxxxxxLixFKe1ZD__u6a_v"

  2. When executing the daprClient.GetSecretAsync function in the C# Web API code, I get the error below:

Dapr.DaprException HResult=0x80131500 Message=Secret operation failed: the Dapr endpoint indicated a failure. See InnerException for details. Source=Dapr.Client StackTrace: at Dapr.Client.DaprClientGrpc.d__48.MoveNext() at Program.<$>d__0.MoveNext() in C:\Users\DmonteN\source\repos\touchstone-svc-template\src\Touchstone.Api\Program.cs:line 120

This exception was originally thrown at this call stack: [External Code]

Inner Exception 1: RpcException: Status(StatusCode="Unavailable", Detail="Error connecting to subchannel.", DebugException="System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken) at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Net.Sockets.Socket.g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken) at Grpc.Net.Client.Balancer.Internal.SocketConnectivitySubchannelTransport.TryConnectAsync(CancellationToken cancellationToken)")

Steps to Reproduce the Problem

  1. Install Dapr and configure the Azure Key Vault YAML file.
  2. Run the Dapr sidecar engine.
  3. Verify that you are able to fetch the secret using the Dapr secret API in Postman.
  4. If yes, then execute the code below in C#:

    // Create Dapr Client
    var daprClient = new DaprClientBuilder().UseHttpEndpoint("http://127.0.0.1:50001/").UseJsonSerializationOptions(default).Build();
    // Add the DaprClient to DI.
    builder.Services.AddSingleton(daprClient);
    var noProxy = Environment.GetEnvironmentVariable("no_proxy");

    CancellationTokenSource source = new CancellationTokenSource();
    CancellationToken cancellationToken = source.Token;

    // Using Dapr SDK to invoke a method
    var metadata = new Dictionary<string, string> { ["version_id"] = "3" };
    var secret = await daprClient.GetSecretAsync("azuresecretstore", "appcs-id-Primary", metadata, cancellationToken); // <= Getting error at this line

    Console.WriteLine($"Result: {string.Join(", ", secret)}");

Neltech101

1 Answer


Have you set up Key Vault access policies to allow your Web app to read secrets from KV? Looks like no access policies have been set in KV which is why connection was actively refused.

Check this link on how to set up access policies in KV to allow access from a Web app: https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app#configure-the-web-app-to-connect-to-key-vault

Rimaz Mohommed
  • I have set up the service principal in the access policy for Key Vault already, and I am able to access the secret using Dapr from Postman but not from the C# Dapr client SDK. – Neltech101 Sep 22 '22 at 07:39
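
Added example, not part of the original thread: the inner RpcException in the question is a TCP refusal (SocketException 10061) on the SDK's gRPC channel to the sidecar, so this sketch checks that channel first and then separates transport failures from errors the sidecar itself returns. It assumes the sidecar's gRPC port is published in DAPR_GRPC_PORT or is the default 50001; PortAcceptsTcpAsync is a hypothetical helper, and the store and secret names are the ones from the question.

```csharp
// Added example, not from the thread. Assumption: the sidecar gRPC port is in
// DAPR_GRPC_PORT or is the default 50001. PortAcceptsTcpAsync is a hypothetical helper.
using System;
using System.Net.Sockets;
using System.Threading;
using System.Threading.Tasks;
using Dapr;
using Dapr.Client;
using Grpc.Core;

// True if something accepts a TCP connection on host:port within the timeout.
static async Task<bool> PortAcceptsTcpAsync(string host, int port, TimeSpan timeout)
{
    using var tcp = new TcpClient();
    using var cts = new CancellationTokenSource(timeout);
    try { await tcp.ConnectAsync(host, port, cts.Token); return true; }
    catch (Exception ex) when (ex is SocketException or OperationCanceledException) { return false; }
}

var grpcPort = int.TryParse(Environment.GetEnvironmentVariable("DAPR_GRPC_PORT"), out var p) ? p : 50001;

// Step 1: rule out the transport. A refusal here is the same failure as in the
// question and does not involve Key Vault or the service principal.
if (!await PortAcceptsTcpAsync("127.0.0.1", grpcPort, TimeSpan.FromSeconds(2)))
{
    Console.Error.WriteLine($"No listener on 127.0.0.1:{grpcPort}: check the sidecar's gRPC port.");
    return 1;
}

// Step 2: point the SDK's gRPC channel at the port that was just verified.
using var daprClient = new DaprClientBuilder()
    .UseGrpcEndpoint($"http://127.0.0.1:{grpcPort}")
    .Build();

try
{
    var secret = await daprClient.GetSecretAsync("azuresecretstore", "appcs-id-Primary");
    Console.WriteLine($"Fetched {secret.Count} key(s)."); // log the count, never the values
    return 0;
}
catch (DaprException ex) when (ex.InnerException is RpcException rpc)
{
    // Unavailable usually means the call did not reach the sidecar. Any other status
    // was returned by the sidecar, which is where component and Key Vault errors surface.
    var origin = rpc.StatusCode == StatusCode.Unavailable ? "transport to sidecar" : "sidecar or secret store";
    Console.Error.WriteLine($"{rpc.StatusCode} ({origin}): {rpc.Status.Detail}");
    return 2;
}
```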